Malicious
Classifications
Spyware Injector
Threat Names
AgentTesla.v3
Dynamic Analysis Report
Created on 2022-08-05T10:52:19+00:00
de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe | Sample File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x004355AE |
Size Of Code | 0x00033600 |
Size Of Initialized Data | 0x00001A00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-07-21 11:45 (UTC+2) |
Version Information (11)
»
Comments | |
CompanyName | |
FileDescription | ZZSSACVSDFDHDJJHDG335 |
FileVersion | 1.0.0.0 |
InternalName | ZZSSACVSDFDHDJJHDG335.exe |
LegalCopyright | Copyright © 2022 |
LegalTrademarks | |
OriginalFilename | ZZSSACVSDFDHDJJHDG335.exe |
ProductName | ZZSSACVSDFDHDJJHDG335 |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x000335B4 | 0x00033600 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.82 |
.rsrc | 0x00436000 | 0x0000176A | 0x00001800 | 0x00033800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.49 |
.reloc | 0x00438000 | 0x0000000C | 0x00000200 | 0x00035000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x00035588 | 0x00033788 | 0x00000000 |
Digital Signature Information
»
Verification Status | Failed |
Certificate: Microsoft Corporation
»
Issued by | Microsoft Corporation |
Parent Certificate | Microsoft Code Signing PCA 2011 |
Country Name | US |
Valid From | 2021-09-02 20:33 (UTC+2) |
Valid Until | 2022-09-01 20:33 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 33 00 00 02 55 18 1D A4 2E E0 86 FC 15 00 00 00 00 02 55 |
Thumbprint | C9 CA ED C2 CE CF 95 3E 81 2C 64 46 D4 19 27 B9 86 4B B8 80 |
Certificate: Microsoft Code Signing PCA 2011
»
Issued by | Microsoft Code Signing PCA 2011 |
Country Name | US |
Valid From | 2011-07-08 22:59 (UTC+2) |
Valid Until | 2026-07-08 23:09 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 61 0E 90 D2 00 00 00 00 00 03 |
Thumbprint | F2 52 E7 94 FE 43 8E 35 AC E6 E5 37 62 C0 A2 34 A2 C5 21 35 |
Memory Dumps (3)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe | 1 | 0x00400000 | 0x00439FFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x00850000 | 0x00877FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe | 1 | 0x00400000 | 0x00439FFF | Process Termination | 32-bit | - |
...
|